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const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) í 
for (int 1-0; i<strlen(pin); i++) 4 


if (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() { 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
gets(pin) ; 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
) else 1 
sprintf(tmp,"PIN 9s is 
incorrect\r\ 
n",pin); 


} 


printf(tmp); 
return result; 


const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) í 
for (int 1-0; i«strlen(pin); i++) 1 


if (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() { 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
gets (ріп); 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
} else { 
sprintf(tmp,"PIN %s is 
incorrect\r\ 
n",pin); 
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printf(tmp); 
return result; 


const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) 4 
for (int 1-0; i«strlen(PIN); i++) í 


ТЕ (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() 1 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
fgets(pin,sizeof(pin) ,stdin) ; 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
+ else 1 
sprintf(tmp,"PIN %s is 
incorrect\r\ 
n",pin); 


} 


printf("%s",tmp); 
return result; 


const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) 4 
for (int 1-0; i«strlen(PIN); i++) í 


ТЕ (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() 1 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
fgets(pin,sizeof(pin) ,stdin) ; 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
+ else 1 
sprintf(tmp,"PIN %s is 
incorrect\r\ 
n",pin); 


} 


printf("%s",tmp); 
return result; 
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const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) í 
for (int 1-0; i<strlen(PIN); i++) 1 


ТЕ (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() { 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
fgets(pin,sizeof(pin) ,stdin) ; 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
+ else 1 
sprintf(tmp,"PIN %s is 
incorrect\r\ 
n",pin); 


} 


printf("%s",tmp); 
return result; 


result = comparePIN(pin); 


ldr го, [sp, fpin] 
bl comparePIN 
str ro, (<р, #result] 


1 0 00000011010 
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result = pin; 


a a "~ (У TUI е T] 
| | | | “ | 8 l IJ | || || | 
Е Ai 


strb r2, [r3, HO] 


= | 1 \ l j| = 


1 0 00000011010 


Орсоде Address 


result = comparePIN(pin); 


ldr го, [sp, fpin] 
bl comparePIN 
str ro, (<р, #result] 


1 0 00000010001 


Орсоде Address 


comparePIN(pin); 


5 J LAF „= Αἱ Е ~ ΄. ЈЕ ص‎ = s 1 
Ldr ro, |5р, #pin}{ 
L. I pP Г ` NI 
bl comparePIN 

= 


asrs rl, r2, #32 


1 0 00000010001 
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‘Hackers seem close to publicly unlocking 
the Nintendo Switch 


Coders are rapidly finding exploits to open up Nintendo's new console. 


thx man! 


814 5 python3 test-dfa-esp.py 


und key #N d: 


B428516C29392CBC111E47369 


nux: ° . 
found: 
Minux: 5 ./Stark/aes_keyschedule DE95406B428516C29392CBC111 


61616161616161616161616 


BCF65677471082E4741EBE9 
BD71DOFBFAGCGF1FBE72D18 


Е954068428516С29392С8С1 
d $ python т 
: 616161616161 
: 303030303030 
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As we all know, а few weeks аго | 
stitches” attacks at DEFCON 25. | 


secure C hips made by STMicroelteerrvorrreo= KTICITIOSUIIHIPOFUCIIECUCSUVIFEVENYUTICDITOTIIC 


ask is: 


“Is the ST32F05 vulnerable to fault injection?” 


What 15 the relation between these two? 
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Bypassing authentication 


Bypassing secure boot 
Escalating privileges 
Recovering crypto keys 


Modifying security config. 


Bypassing authentication 


const char xPIN = "19379148" 


// Compare the PIN with the correct one 
// Return true 1f different 


bool comparePIN(char *pin) í 
for (int 1-0; i<strlen(pin); i++) 4 


if (pin[i]!=PIN[i]) 
return true; 


} 


return false; 


// Authenticate PIN. 
// Return true if incorrect 


bool pinAuthentication() { 


char pin[80]; 
char tmp[80]; 
bool result=false; 


printf("Please, introduce PIN\r\n"); 
gets(pin) ; 


result = comparePIN(pin); 


ТЕ (result == false) 1 
sprintf(tmp,"PIN correct\r\n"); 
) else 1 
sprintf(tmp,"PIN 9s is 
incorrect\r\ 
n",pin); 


} 


printf(tmp); 
return result; 
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if (recei vedKey != спој edkey) 


not authenti cated(); 


el se 
authenti cated( ); 


Bypassing Secure Boot 
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Verify signature Boot Loader 


& decrypt 


OS loader 
Verify signature 
& decrypt 


Application 


Verify signature Loader 


& decrypt 


void boot() { 


void (*entryPoint) (void); 


// Load image to buffer 
uint32_t len = loadFlashImage (imgBuf) 


// Verify image 
1f (verifyImage(imgBuf, len, sign, 
rsaKey) == false) 4 
goto reset; // Auth failed 
} 


// Јитр to image 
entryPoint = imgbuf; 
(kentryPoint)(); 


//Nerify image. Returns true is correct 


bool verifyImage(uint8 t kimage, 
uint32 t len, uint8 t *sign, rsaKey) í 


char хһа5һ1, xhash2; 


// Calculate Hash 
calculateHash(image,len,hash1) 


// Verify signature 
verifySignature(sign, rsaKey, hash2) 


// Compare hashes 

if (memcmp(hashi, hash2, HASH LEN) !- 0) 
return false; 

else 


return true; 
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Protecting a Secure Boot can be a nightmare! 


Escalating privileges 


REE-TEE separation 
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Payload Address 


Payload Address 
Read message 
NUS Е Payload Address 


Payload Address 


Mailbox 


Payload Address 


Payload Address 
Payload Address 


Payload Address 


Mailbox 


11100100101100110000000000000100 


Loop: 
Read message ldr го, 


str ro; 


memcpy (dst,src, len); 
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[r4], #4 


Payload Address 


Payload Address 
Payload Address 


Payload Address 


Mailbox 


11100100101100110000000000000100 


loop: 
Read message ldr pc, 


str ro, 


Payload(); 
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[r4], #4 
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Modifying security 
configuration 


void boot() { 


void (*entryPoint) (void); 


// Load image to buffer 
uint32 t len = loadFlashImage (imgBuf) 


// Verify image 
if (verifyImage(imgBuf, len, sign, 
rsaKey) == false) 4 
goto reset; // Auth failed 
} 


// Јитр to image 
entryPoint = imgbuf; 
(kentryPoint)(); 


// Read fuses and configure security modules 


bool disableJtag = readFuse (DISABLE JTAG); 

bool enableMemoryScrambler = 
readFuse(ENABLE, МЕМ SCRAMBLER) ; 

bool enableTEE = readFuse(ENABLE ΤΕΕ); 


if (disableJtag--true) 
closeJtag(); 


if (enableMemoryScrambler--true) 
configureMemoryScrambler(); 


if (enableTEE--true) 
configureTEE(); 
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Glitch Sensors Redundancy 


if (гесе vedKey ! = exgsct edKey) 
not authenti cat ed( ) 


, 


el se 
aut henti cated( ); 


if (recei vedKey ! = expe 
not authenti cafed(); 


// Do something el se 


If (recei vedKey ! = expect edKey) 
not authenti cat ed() ; 
el se 
aut hent i cat ed( ) ; 


sl еер(гапа()); // Random del ay 


If (recei vedKey ! = expect edKey) 
not authenti cat ed() ; 


else 
aut hent i cat ed( ) ; 
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Protecting software against Fl 
https: //www.riscure.com/uploads/2018/11/201708 Riscure Whitepaper Side Channel Patterns.pdf 


Fl on UDS: 
https: //www.riscure.com/uploads/2018/06/ 
Riscure Whitepaper Fault injection on automotive diagnostic protocols.pdf 


Bypassing secure boot 
https://www.riscure.com/uploads/2017/10/eu-16-Timmers-Bypassing-Secure-Boot-Using-Fault- 
Injection.pdf 


Linux privileges escalation: 
https://www.riscure.com/uploads/2017/10/ 
Riscure Whitepaper Escalating Privileges in Linux using Fault Injection.pdf 


Optical Е! 
https://www.riscure.com/uploads/2017/09/Practical-optical-fault-injection-on-secure- 
microcontrollers.pdf 


Wild Jungle Jump attack 
https://www.riscure.com/uploads/2017/09/Controlling-PC-on-ARM-using-Fault-Injection.pdf 


Practical DFA 
https://www.slideshare.net/secret/K8jIDL40s1evrW 
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